Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

Password guessing as an attack vector - Over the years we've been taught that a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some of us don't give a second thought to the complexity or length of our passwords.

In December 2010 the heat-seeking internet pranksters known as Anonymous attacked PayPal, the online bill-paying business. PayPal had been a conduit for donations to WikiLeaks, the rogue whistle-blower site, until WikiLeaks released a huge cache of State Department internal messages.

The Open Source Software Institute, a non-profit group that supports open-source adoption, and the National Security Agency (NSA), the organization in charge of all out-of-country eavesdropping, will co-host an Open Source Software Industry Day on Wednesday, May 30, 2012.

Security experts from ERNW have demonstrated the ability to break out of the virtualisation hypervisor of VMware ESXi 5.0 using crafted VMware images. If a provider offers customers the ability to run customer-supplied VMware images on its servers as part of an infrastructure as a service (IaaS) offering, a malicious user could access all data on the server, including other customers' user passwords and virtual machines.

With several government websites hacked or defaced over the last few days, members of the hacker group "Anonymous" have labelled the country's cyber security setup as a "joke", and said they could easily hack into servers of most government organisations.

Point is that some things, no matter how lucrative or fun they might seem, just aren't worth the risk. Example: A life of crime can be rewarding or, more often, pretty tough. One day you are on top, the next you are busted. Literally and figuratively. If Jesse James is your role model, here are some things to avoid which will add years to your time on the street -- as opposed to jail.

Technically, the biggest difference between what a burglar does and what I do is that the burglar wants to get in and out quickly and doesn't care if the safe ever gets used again. I take my time because my objective is opening it with minimal damage so the owner can use it again.

You never really know what your most controversial pieces are going to be before you write them. I figured an exploration of what it feels like to have your account hacked in a game would be a relatable topic for many who have suffered something similar.

Computer hacking is a growing problem, and a growing career field. The third annual Appalachian Institute for Digital Evidence Conference at the Marshall University Forensics Lab focused on hacking and what it can mean for those fighting crime.

Cloud Linux Inc., an innovative software company serving the needs of hosting service providers, has released CageFS Version 3.5. This new version of the software features dramatic improvements in security for shared hosting companies. CageFS is a virtual file system that encapsulates each shared hosting customer in its own private virtual space.

Some components of the Flame spyware worm were signed using forged Microsoft certificates, according to a recent investigation by Microsoft. These unauthorised digital certificates allowed the Flame developers to make the malware appear as if it was actually created and approved by Microsoft.

Future versions of Fedora could come with a bootloader that is signed by Microsoft, a move that would ensure that the Linux distribution is easy to install on computers with the secure boot mechanism. The proposal was described in a blog entry this week by Red Hat kernel developer Matthew Garrett.